SHA256HighVerifiedSignal 53/100
e25892603c42e34bd7ba0d8ea73be600d898cadc290e3417a82c04d6281b743b
Location
First Seen
Feb 24, 2026
Last Seen
May 14, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 reports53% confidence
5
Source reports
53%
Confidence score
Category tags
abuseacademic institutionsactive scanactive scanningactivity: executionactivity: persistenceadministrationaerospace & defenseai-assistedalienvault_ransomwareapi abuseaptapt groupsargentinaasiabackdoorbad reputationbahrainbrazilbrute forcec2chilechromelevatorcivil servicescommunication protocolcontagious interview campaigncredentialcredential accesscredential stuffingcredential-theftcyber espionagecyber threatscyberattacksdefensedefense contractingdefense logisticsdefense systemsdefense technologydetect-debug-environmentdirect-cpu-clock-accessdll side-loadingdll sideloadingdll-sideloadingeducationeducational resourceseducational serviceseducational technologyenergyenergy distributionf httpsfile-hashfinancefinance and insurancefinancial servicesfoudregeopolitical tensionsghostbackdoorghostfetchgovernment technologyhigher educationhttp scannerhttpsidentity & access exploitationidleindicatorindonesiainfrastructure analysisiot securityipv4iraniranianiranian aptk-12 educationkuwaitlong-sleepsmalaysiamalwaremenamexicomilitary operationsmimicratmoismuddywatermuddywater - g0069muddywater apt campaignnational securitynetwork iocsnetwork scanningnorth americaoil & gasomanopencti_label seedwormoperating systemoperation olalampooverlaypeexeperuphilippinespossible reconnaissancepost-exploitationpower generationpower systemsproactive defenseprocess injectionprotocol: rdpprotocol: sshproxypublic administrationpublic infrastructurepublic policyqatarransomwarereconnaissanceregulatory agenciesremote accessremote servicesrenewable energyresearchedruntime-modulesrustrust backdoorsaudi arabiasecurity operationsseedwormsignedsingaporesliversocks5 proxysouth americasouth koreassh tunnelt1003t1003.001t1003.002t1016t1018t1021t1021.001t1027t1033t1036t1041t1049t1053t1053.001t1053.005t1055t1055.001t1056t1056.002t1059t1059.001t1059.003t1059.007t1068t1069.001t1070t1071t1071.001t1073t1076t1078t1082t1083t1087t1087.001t1087.002t1090.001t1090.003t1102t1105t1110t1110.002t1113t1133t1135t1140t1190t1204t1204.002t1499.001t1499.002t1518.001t1543.001t1547.001t1548t1552t1552.001t1555t1558.003t1563t1566t1566.001t1567.002t1569t1569.002t1571t1572t1573t1574.002t1588t1595t1595.001t1595.002t1595.003t1614tamecatthailandthreat actorthreat actor: muddywaterthreat intelligencethreat type: apttls fingerprintingtor nodetriton fork campaignunited arab emiratesvulnerability scanweb trafficwin32 malwarewindowswindows malwareyara
Activity Timeline
May 14May 14
Threat Activity Heatmap
· Peak: 2026-05-14LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
53
SIGNAL
Signal Score
53%
Confidence
5
Reports
First seenFeb 24, 2026
Last seenMay 14, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- PE32+ executable (GUI) x86-64, for MS Windows
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 4 months ago · Last seen 1 month ago
Appeared in 5 threat reports